Using SSH to clone Git repository with multiple private keys

I prefer to use multiple private keys and avoid using the same private key with multiple services. Recently I decided to switch from HTTPS-based Git clone of my Bitbucket repositories to SSH-based Git clone. So I created a new private key, added it to bitbucket.org, and expected that my git clone would work. But it didn’t.

git clone git@bitbucket.org:mybitbucketid/mygitrepository.git
Cloning into 'mygitrepository'...
conq: repository access denied.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I knew I had to point the git client to my private key so I created the following entry in my ~/.ssh/config file.

Host bitbucketrepo
HostName bitbucket.org
IdentityFile ~/.ssh/bitbucket_private_key
User git

Now I felt it would work. I tried again and it still didn’t work.

git clone bitbucketrepo:mybitbucketid/mygitrepository.git
Cloning into 'mygitrepository'...
conq: repository access denied.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Now I was confused as to why it was not working. On further research I found this link. Now I updated the entry in my ~/.ssh/config file to this.

Host bitbucketrepo
HostName bitbucket.org
IdentityFile ~/.ssh/bitbucket_private_key
IdentitiesOnly yes
User git

Now I tried again. This time it worked perfectly.

git clone bitbucketrepo:mybitbucketid/mygitrepository.git
Cloning into 'mygitrepository'...
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

Well, the addition of the “IdentitiesOnly yes” line in my config file did the trick. It seems that when we make an SSH connection, its default behavior is to send the identity file matching the default filename for each protocol. So if you have a file named ~/.ssh/id_rsa, then that will get tried before your private key, which in my case was ~/.ssh/bitbucket_private_key. So by using the “IdentitiesOnly yes” line I explicitly asked my ssh client to use my identity file and nothing else, and it worked like a charm.
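
A quick audit for the misconfiguration described above, as an added example that is not part of the original post: it lists the Host entries in an ssh config file that set IdentityFile without IdentitiesOnly yes. The function names and the sample entries other than bitbucketrepo are constructed; each Host block is checked on its own, so values inherited from Host *, Match or Include are not resolved.

```shell
# Added example: print every Host entry in an ssh_config-style file that sets
# IdentityFile but does not also set "IdentitiesOnly yes".
hosts_missing_identitiesonly() {
    awk '
        function report() { if (host != "" && has_key && !only) print host }
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # strip leading whitespace
            if (line == "" || line ~ /^#/) next    # skip blanks and comments
            # keyword and argument are separated by whitespace and/or "="
            if (!match(line, /[ \t=]+/)) next
            key = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host") {
                report(); host = val; has_key = 0; only = 0; seen_only = 0
            } else if (key == "match") {
                report(); host = ""                # Match blocks are not audited
            } else if (key == "identityfile") {
                has_key = 1
            } else if (key == "identitiesonly" && !seen_only) {
                # ssh keeps the first value it obtains for a keyword
                only = (tolower(val) == "yes"); seen_only = 1
            }
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the post's entry before and after the fix, plus a variant.
write_sample_config() {
    cat > "$1" <<'EOF'
Host bitbucketrepo-before
    IdentityFile ~/.ssh/bitbucket_private_key
Host bitbucketrepo
    IdentityFile ~/.ssh/bitbucket_private_key
    IdentitiesOnly yes
# keywords are case-insensitive and may use "="
Host other
    identityfile=~/.ssh/other_key
    IDENTITIESONLY=no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
hosts_missing_identitiesonly "$sample"
rm -f "$sample"
```

To audit a real configuration, call `hosts_missing_identitiesonly ~/.ssh/config`; an empty result means every Host entry with an IdentityFile also pins IdentitiesOnly.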